Welcome to Cisco Networkers

How to Study for CCNA

Datacenter Part 1

William Zambrano
8 years of professional IT experience.
Worked/consulted at various companies, as well as teaching.
CompTIAs, MCSE 2003, CCNA, CCNP, CCNA: Voice, Security, Datacenter,
and CCSI
Organizer at Cisco Networkers http://www.meetup.com/CiscoNetworkers/
Meetup Website http://nycnetworkers.com
Guest Speakers
Keith Barker & Anthony Sequeria
on CCIEv5
willzambrano@gmail.com
William.zambrano10577

The Official Publisher of

Certification Networking Technology
Cisco Networking Academy and more!

Save 35% off list price of print books

+ FREE U.S. Shipping
with discount code:
CISCOUG
Save 45% off list price of eBooks
with discount code:
CPUGD45
ciscopress.com/store
**Codes also valid on partner sites pearsonitcertification.com and informit.com

Why learn Nexus/UCS?

Unified Computing
paradigm shift
A datacenter in a box
The future of Datacenters v3.0
Get ahead of the competition
R&S Skills are still relevant!

The Big Pieces

Nexus Product Line
-Nexus Switches (1kv, 2k,3k,4k,5k,6k,7k)
-Nexus Line Modules (F-Cards, M-Cards)
-Nexus I/O Modules (IOM)
-Supervisors
-Fans, PSU, Generic Expansion Modules
(GEMs)

The Big Pieces cont

UCS Server Line
- C-Series
- B- Series
- E-Series
- 5108 Blade Chassis
Multilayer Director Switch (MDS) Switches
-Supervisors
-Modules
-Stand-alone
Storage (NetApp, Nimble, EMC)

The Differences IOS vs NX-OS

We have a CMP, but its only on 1st gen sups.
There is no longer one routing table, out of
the box we have Mgmt VRF and default
VRF. Console port is mgmt VRF and default
VRF is all other ports.
When pinging, youll need to specify from
which VRF your coming from (if not specified,
then comes from default VRF).

The Differences cont

ISSU to help minimize downtime when
upgrading parts of the Nexus
How to check VLANs
You can now issue commands from any mode
Issue the where cmd to see where you are
in the tree.
Notice the ? now gives us grep and head,
tail, and other Linux cmds to sort our output
when filtering

The Differences cont

Some protocols must now be enabled before
using via the feature key #sh feature
All interfaces are shown as ethernet now
instead fo GigEther or TenGigEther.
#show interfaces
#sh run int e1/1 all
#sh module N2K added show up here too

What are vPCs?

Similar to VSS in our 6500s, but instead of one
control plane (CLI interface) we have two running
control planes. Appears to the downstream
devices as one, but internally as two.
Eliminates the need for blocked ports via STP and
use ALL links as Forwarding.
Originally, we cant portchannel to two devices,
only a one to one. Now we can do to two.
N5k and N7k can do vPCs and is generally done at
the Distribution/Aggregation layer

What are vPCs cont

One peer is the primary, other secondary. This
determines behavior during a peer link failure,
primary switch is leading for STP. You cannot
preempt for this role (but can set priority)
vPC is a l2 port channel, any l3 functions are
not supported locally. However, static routing
to a FHRP addr is supported. Routing across
the vPC is supported.

vPCs cont
F cards (l2) for peer keepalive to sync
M cards for the l3 peer link for control plane
for the UDP ping between each switch and
need a M132XP-12 card to do this (VDC) 10
gig link
Best to use two modules for the PL for
redundancy
Want to have the PK in its own VRF
One vPC per VDC

Pieces of the vPC

vPC Peer: the two 5ks or 7ks (two max)
vPC Peer Link: carries control traffic btwn the
peers to create the single logical device.
Cisco Fabric Services (CFS): a protocol that used
for state sync and config sync between the two
peers (l2 functions)
vPC Peer Keepalive Link: heartbeat link (l3 link)
vPC Member Port: one port that forms the vPC,
going to a downstream device

Pieces of the vPC

vPC Domain: the umbrella of the two devices
Orphan Device: a device that is connected to
a vPC Peer not using a non-vPC link (like
portchannel)
Orphaned Port: port on the vPC Peer that
connects to an orphaned device.

vPC Cmds
#sh vpc brief
#sh vpc consistency-parameters global
#sh vpc consistency-parameters vpc 71 or
choose a specific the exact vPC #

vPC Config Demo

Configuring vPC steps 1

Enable the VPC and LACP features
(config)#feature vpc and (config)#feature lacp
Configure a VPC Domain with Number
(config)#vpc domain 1
Assign an IP addr to both ends of the peers and ping to
ensure you can reach the other end for the peer-keepalive
(config)#int e1/1
(config-if)#no switchport
(config-if)#vrf member meetup
(config-if)#ip addr 1.1.1.1 255.255.255.0
(config-if)#no sh
#ping 1.1.1.1 vrf meetup

Configuring vPC steps 2

Define the source and dest for the peerkeepalives
(config)#vpc domain 1
(config-vpc-domain)#peer-keepalive dest
2.2.2.2 vrf meetup so 1.1.1.1
Verify that the Peer Keepalive is up by issuing
#sh vpc peer-keepalive

Configuring vPC steps 3

Define the Peer Link thatll be used to sync
control plane between the two peers. Youll
specify a port-channel for redundancy.
(config)#int e1/1-3
(config-if-range)#channel-group 1 mode active
(config-if-range)#no sh
(config)#int po1
(config-if)#switchport mode trunk
(config-if)#vpc peer-link
(config-if)#no sh
Verify the po is up by issuing #sh port-ch summ

Configuring vPC steps 4

Configuring links for downstream devices
(config)#int e1/5
(config-if)#channel-group 2 mode on (if end
host doesnt support LACP or active if it does)
(config-if)#switchport mode access
(config-if)#switchport access vlan #
(config-if)#vpc 2(match the po # for a clean
config)

Verification Cmds

#sh vpc
#sh vpc brief
#sh vpc consistency-parameters global
#sh port-channel capacity
#sh vpc statistics
#sh vpc role
#sh vpc peer-keepalive

Cavets of vPC
The Peer Link needs to be a 10gig link
A vPC is a per-VDC function and cannot be
spanned across multiple VDCs
You can only have two switches in a vPC
domain.

Cisco FabricPath
Ciscos proprietary version of TRILL based off
IS-IS.
Use ALL links in your network to provide full
bandwidth use and lower oversubscription.
Help eliminates suboptimal paths
Its layer 2 routing with some layer 3
functionality
Frames get forwarded along the shortest path
available.

Cisco FabricPath cont

Because this is Layer 2 IS-IS, no need for IP.
Has something similar to OSPFs SPF algorithm
to find the shortest path across the network.
When configuring, you change the VLAN
mode to Classical or FabricPath mode.
Can work alongside STP fine, only need to
configure the STP priority on FabricPath edge
switches towards the STP domain.

FabricPath cont
From our CE devices coming into the FP
domain, FP will encap the CE l2 frame into a
FP l2 frame.
AKA as MAC and MAC routing because FP
looks at the source and dest frame headers to
decide the best way to route it via the SPF.

FabricPath Terms
Classical Ethernet (CE)
Leaf Switch: the border switch that connects to
a CE domain
Spine Switch: Core switch of the FP domain all
its ports are FabricPath ports (no CE)
FabricPath Core Ports: ports that connect to
another FP device (config-if)#switchport mode
fabricpath
CE Edge Ports: ports on a Leaf Switch connecting
to the classical Ethernet domain (configif)#switchport mode fabricpath

FabricPath Terms cont

Switch ID: like Router ID in OSPF, this IDs this
switch to everyone in the FP domain. Gets
auto generated but we can adjust this.
(config)#fabricpath switch-id ?

Configuring FabricPath
Enable the feature-set via #install feature-set
fabricpath and then #feature-set fabricpath
Configure the VLANs to go over the FP to change the
way they learn MACs (Conversational MAC Learning)
from CE to FP (config)#vlan 10 (config-vlan)#mode
fabricpath
Configure FP Core Ports via (config-if)#switchport
mode fabricpath
Optionally you can change a ports default mode to FP
via (config-if)#system default switchport fabricpath
Optionally, you can changeup the switch ID via (configvpc-domain)#fabricpath switch-id ?

Verification Cmds

#sh feature-set
#sh int brief
#sh spanning-tree summary
#sh fabricpath is-is database
#sh fabricpath is-is adj

Overlay Transport Virtualization OTV

A way to connect multiple datacenters to each
other. OTV provides a layer 2 transport across
datacenters (stretch VLAN)
New lines can be brought up easily and quickly,
easy config used short-term. Bundle this
together with LISP for a better long term fit.
Anything STP related stays within each
datacenter and isn't transferred.

OTV cont
We could use Dark Fiber, a P2P link, MPLS,
OTV uses GRE tunnels but it has some builtin features to stop STP, ARPs, broadcast
storms, etc. Keeps each DC as a island.
Generally you want to keep the control plane
traffic off OTV, but keep on it the data plane
traffic.
Things like having a VLAN in two sites but they
will be in 2 STP domains. Thus, we can have
VLAN overlays without a complications.

OTV cont
OTV does not support fragmentation, need to enable
jumbo frame on the Join int. mtu 9216
OTV can run over anything, OC, MPLS, P2P, etc as long
we are able to ping the two points.
You do not need to run multicast for OTV, but for better
use of bandwidth you can use multicast instead of
unicast (adj servers).
Layer 2 flooding isnt done over the OTV network, but
done by the OTV control plane.
Multihoming can be done as well with OTV (AED)
Generally deployed in its own VDC (OTV on stick) OTV
cant work with a VDC that has SVIs.

OTV Terms
Edge device: this device is responsible for all OTV
functionality, and sits at the core/aggregation
layer. Encaps l2 traffic into GRE, crosses the
network and pops out unencap as a l2 frame.
Authoritative Edge Device (AED): multiple edge
devices for redundancy/load balancing.
Internal int: the int on the edge device that face
the datacenter and carry at least one VLAN that
are extended through OTV. These are layer 2
devices.

OTV Terms cont

Join int: one of the uplinks of the edge device,
usually used to join the OTV network.
Overlay int: the new virtual int that contains all
the OTV config. The overlay int encaps the sites
l2 frames as IP unicast or multicast packets.
Extend VLANs: VLANs that are crossing the l3
network and coming out as a l2 frame.
Site VLAN: an internal VLAN used to elect the
AED, something the peers use to talk to each
other

OTV Terms cont

Site Identifier: a loop prevention mechanism
used to prevent a packet originating from a site,
coming back in. A unique ID per site.
Overlay Int: our tunneling interface specified by
(config)#int overlay 1 which gets linked to a
physical int (called the OTV Join Int)
OTV Control Group: a multicast addr used to
discover the remote sites in the control plane and
extend the control plane for protocols like ARP,
BPG, OSPF, etc)
OTV Data Group: used when tunneling multicast
traffic between sites in the data plane.

Configuring OTV
Ensure we have l3 connectivity btwn the two sites
Enable the OTV feature (config)#feature otv
Create an Overlay VLAN (global) to be fwd over
the OTV tunnel and create a Site VLAN used to
sync the AEDs (local).
(config)#vlan 10
(config-vlan)#name OVERLAY_VLAN
(config)#vlan 20
(config-vlan)#name SITE_VLAN

Configuring OTV 2
Define the Site VLAN and Overlay VLAN. If you
have two AEDs at the DC you want this
number to be the same.
(config)#otv site-vlan 20
(config)#otv site-identifier 0.0.1
Define the overlay interface (local) and define
some OTV settings under it
(config)#int overlay 1

Configuring OTV 3
Define the Control Group, Data Group, and
Extended VLAN (what VLANs to bridge over)
(config-if-overlay)#otv control-group 239.1.1.1
(config-if-overlay)#otv data-group 232.1.1.0/28
(config-if-overlay)#otv extend-vlan 10
(config-if-overlay)#otv join-inter e1/1 note here
it will say to enable IGMPv3 on this int if you
haven't already

Verification Cmds

#sh otv adj

#sh otv overlay 1
#sh otv otv adj detail
#sh otv route
#sh interface overlay 1
#sh otv vlan 100 detail
#sh otv site
#sh run otv
#sh otv route

VDCs
Completely separate not like a VRF table
To reach must physically connect cables
All SW upgrades and mgmt of rsources must be
done from the defalt VDC
4 VDCs can be made check datasheets per
Nexus model
Ports get grouped to a VDC based on its ASIC
depending on what line card (N7K-M132XP-12)
Great for PoC, UAT/Dev env

VDCs cont
You can only do certain tasks like resource
allocation or deleting/creating VDCs from the
default VDC. Default VDC cannot be deleted
You can only map groups of ports into a VDC
based off the line cards ASIC.
Each VDC gets its own mgmt0 IP addr and
they do not overlap

VDCs cont

Vdc-admin: RW access to their VDC

Vdc-operator: RO access to their VDC
Network-admin: RW to all VDCs
Network-operator: RO access to all VDCs
Storage-admin
Storage-operator

#sh run
Here we can see
VLAN limit
HW resource limit
Ports in this VDC

Creating a new VDC

(config)#vdc MEETUP
(config-vdc)#allocate interface e1/1-5
(config-vdc)#boot order ?
(config-vdc)#limit-resource ?
#switchto vdc MEETUP
Start configuring your VDC

VDC Cmds

#Switchto
#Switchback
#copy run start vdc-all
#sh vdc
#sh run | begin vdc
#sh vdc membership
#sh vdc current-vdc
#sh vdc shared membership
#sh vdc resource detail
#sh vdc feature-set

So...how do I study all this?

Cisco CloudLabs
https://cloudlab-us-west-01.cisco.com/
Get Sponsor Email
https://learningnetwork.cisco.com/thread/5050
3

Cisco UCS Emulator

http://developer.cisco.com/web/unifiedcomp
uting/ucsemulatordownload
Run off VMware Workstation, load up the vm
and access it via your local PC. You can pretty
much do everything except run an actual VM.

Books
NX-OS and Cisco Nexus Switching: Next-Generation Data
Center Architectures 2nd Edition
Data Center Virtualization Fundamentals:
Understanding Techniques and Designs for Highly
Efficient Data Centers with Cisco Nexus, UCS, MDS, and
Beyond

CCNA Data Center - Introducing Cisco Data Center

Networking Study Guide: Exam 640-911

Books #2
Cisco Unified Computing System (UCS) (Data
Center): A Complete Reference Guide to the
Cisco Data Center Virtualization Server
Architecture
Storage Networking Fundamentals: An
Introduction to Storage Devices, Subsystems,
Applications, Management, and File Systems
Network Warrior 2nd Edition Nexus Chapter

Free Video Training

Cisco Learning Network under DCICN Training Videos
https://learningnetwork.cisco.com/community/certific
ations/ccna_data_center/dcicn/training_videos
TrainSignal (PluralSight), CBTNuggets and INE
YouTube Videos
http://www.youtube.com/watch?v=q4Z-mvzlhaI
http://www.youtube.com/watch?v=cEpOOtr7ydg
http://www.youtube.com/watch?v=xtr-7vw9GgU

Cisco Titanium
https://learningnetwork.cisco.com/thread/49
328
Similar to what we are used to with GNS3, but
for the NX-OS instead of the IOS.
Officially not supported

Classroom
Cisco Official CCNA Datacenter Course
Introducing Cisco Data Center Networking
(DCICN)
Introducing Cisco Data Center Technologies
(DCICT)
Todd Lammles CCNA Datacenter Course
http://www.lammle.com/course/ccna-datacenter-bootcamp/

Official Cisco Website

http://www.cisco.com/en/US/products/ps940
2/products_installation_and_configuration_gu
ides_list.html
http://www.cisco.com/en/US/docs/switches/
datacenter/nexus5000/sw/configuration/guid
e/cli_rel_4_0_1a/CLIConfigurationGuide.html

Cisco live! 365

Get a Mentor!
Meetup groups
Co-workers avoid burning bridges, get on
LinkedIn
Network, network, network human physical
network
Get your name out there

Q&A
Visit us a our Meetup Page
http://www.meetup.com/Cisco-Networkers/
Visit our webpage at
http://www.nycnetworkers.com

http://www.youtube.com/cisconetworkers1
or visit our YouTube page for all uploaded videos
Or contact me directly at willzambrano@gmail.com or Skype name
william.zambrano10577